I recently presented about securing government at the 2017 Cyber Defense & Network Security (CDANS) conference in the United Kingdom. As I was preparing remarks for senior U.S. and EMEA military leadership, as I have done in years past for this annual conference, I began pondering 2016 in the context of securing our networks. What could I advocate to these leaders that was different from what I have advocated in years past? After all, we're seeing some of the same issues, made even more urgent by the extension of our networks into public clouds and by our data being more widely dispersed than ever before.
Entering 2017 with more attacks on electric grids, a year of pervasive and successful ransomware, attack campaigns of years past that succeeded once again, and now our first-ever botnet of things, what could I say to encourage these leaders and help us focus not on the past but on lessons for a very positive start to 2017? Well, as it turns out, quite a bit. What follows are my observations and thoughts on using 2017 to course-correct, with both recognition of the recurring patterns and greater attention to best practices, so that our defense-in-depth strategies stay agile.
First, let me pose a question to you: coming out of 2016, what do you feel is the number one way in which attackers are ahead of our enterprise security efforts? I would posit that it's automation, with collaboration a close second. As I looked at some of the malicious cyber activities and events of 2016, the automation theme was pervasive and growing:
I won't use this blog post to repeat the many details we've already published from the year. But I do want to reiterate the good news I shared with the audience at CDANS, and which applies even more with the latest release of our PAN-OS 8.0: you, too, have automation available to protect your data and your network assets. (More on that later.)
Late in 2016, I commissioned a study of how the U.S. federal government is using automation to improve all aspects of its attack mitigation processes, from external threat intelligence consumption to what security sensors and capabilities are doing to help. The results, published in MeriTalk's "Pedal to the Metal" report, were in some ways disappointing, yet informative about where I feel Palo Alto Networks can help.
Here are some highlights:
Most don’t need more data (or people to review it) but the ability to make faster decisions from the data they have. But do they understand that?
As Einstein said, “We cannot solve our problems with the same thinking we used when we created them.” It’s time to embrace innovations in automation, just as we’re seeing governments now slowly but surely embrace the cloud. Reduce time to act on anything new hitting your networks. Your goal with today’s technology should be under five minutes for new protection to be created and deployed. This could be malware signature creation, detecting and blocking new IP addresses and domains associated with command-and-control infrastructure. When it comes to exploits, they can be stopped immediately – don’t settle for anything less.
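To make the detect-and-block half of that five-minute target concrete, here is an added example (it is not code from the original post or from Palo Alto Networks). The script validates a feed of newly observed command-and-control indicators, refuses anything that would block the organization's own address space or domains (the outage an unattended feed can cause), renders the survivors as one-entry-per-line block lists of the kind a firewall's external dynamic list fetches, and reports which indicators reached the list more than five minutes after they were first seen. The feed records, the `NEVER_BLOCK` ranges, the `NEVER_BLOCK_DOMAINS` allowlist and the choice of `first_seen` as the start of the clock are all assumptions made for the example.

```python
"""Added example, not code from the post or from Palo Alto Networks.

Turns a feed of newly observed command-and-control indicators into block lists a
firewall can fetch, and checks each indicator against the five-minute
"create and deploy protection" target. All feed records, address ranges and
domains below are constructed for the example.
"""
import ipaddress
import re
from datetime import datetime, timedelta, timezone

# The post's target: new protection created and deployed in under five minutes.
TARGET = timedelta(minutes=5)

# Assumed "never block" space: RFC 1918, loopback, link-local and multicast, plus
# 192.0.2.0/24 standing in for the organization's own public range. An automated
# feed that pushed any of these would cause a self-inflicted outage, so the list
# is explicit and auditable rather than derived from library heuristics.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "224.0.0.0/4", "192.0.2.0/24",
)]
# Assumed allowlist: the organization's own domains and those of key suppliers.
NEVER_BLOCK_DOMAINS = ("example.com", "example.org")

# One DNS label: 1-63 chars of [a-z0-9-], not starting or ending with a hyphen.
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def parse_ts(value):
    """Parse the feed's UTC timestamps ('2017-02-01T10:00:00Z')."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def normalize_ip(value):
    """Canonical address or CIDR string, or None if invalid or in never-block space."""
    try:
        net = ipaddress.ip_network(value, strict=False)
    except ValueError:
        return None
    # overlaps() also rejects over-broad entries such as 0.0.0.0/0.
    if any(net.overlaps(nb) for nb in NEVER_BLOCK):
        return None
    if net.prefixlen == net.max_prefixlen:
        return str(net.network_address)
    return str(net)


def normalize_domain(value):
    """Lower-cased FQDN without trailing dot, or None if malformed or allowlisted."""
    name = value.strip().lower().rstrip(".")
    labels = name.split(".")
    if len(labels) < 2 or not all(LABEL.match(label) for label in labels):
        return None
    if any(name == d or name.endswith("." + d) for d in NEVER_BLOCK_DOMAINS):
        return None
    return name


def build_block_lists(feed, now):
    """Validate every record, de-duplicate, and time each indicator against TARGET."""
    result = {"ip": [], "domain": [], "rejected": [], "late": []}
    for rec in feed:
        raw, kind = rec["indicator"], rec["type"]
        if kind == "ip":
            norm = normalize_ip(raw)
        elif kind == "domain":
            norm = normalize_domain(raw)
        else:
            norm = None
        if norm is None:
            result["rejected"].append((raw, "invalid, unknown type or allowlisted"))
            continue
        if norm not in result[kind]:
            result[kind].append(norm)
        # Clock starts when the indicator was first seen, ends when we publish.
        age = now - parse_ts(rec["first_seen"])
        if age > TARGET:
            result["late"].append((norm, int(age.total_seconds())))
    return result


def render_edl(entries):
    """One entry per line: the plain-text shape an external dynamic list fetches."""
    return "\n".join(sorted(entries)) + "\n"


# Constructed sample feed, as an intel pipeline might hand it to us.
SAMPLE_FEED = [
    {"indicator": "203.0.113.45", "type": "ip", "first_seen": "2017-02-01T10:01:00Z"},
    {"indicator": "198.51.100.0/24", "type": "ip", "first_seen": "2017-02-01T09:50:00Z"},
    {"indicator": "10.0.0.5", "type": "ip", "first_seen": "2017-02-01T10:03:00Z"},
    {"indicator": "C2.Example.NET.", "type": "domain", "first_seen": "2017-02-01T10:03:30Z"},
    {"indicator": "login.example.com", "type": "domain", "first_seen": "2017-02-01T10:03:40Z"},
    {"indicator": "bad host!.com", "type": "domain", "first_seen": "2017-02-01T10:03:50Z"},
    {"indicator": "203.0.113.45", "type": "ip", "first_seen": "2017-02-01T10:02:00Z"},
]
NOW = parse_ts("2017-02-01T10:04:00Z")

if __name__ == "__main__":
    lists = build_block_lists(SAMPLE_FEED, NOW)
    print("ip.txt:\n" + render_edl(lists["ip"]))
    print("domain.txt:\n" + render_edl(lists["domain"]))
    print("rejected:", lists["rejected"])
    print("missed the %d-second target:" % TARGET.total_seconds(), lists["late"])
```

Two design points matter more than the code itself. The never-block list is written out explicitly (and checked with `overlaps`, so a sloppy `0.0.0.0/0` from a feed is dropped too) because an automated pipeline has no human in front of it to notice that it just blocked the organization's own range. And the clock runs from the indicator's first sighting, not from when the script started, because the point of the five-minute goal is the exposure window, and a feed that is itself fourteen minutes stale, like the `198.51.100.0/24` entry above, fails the target no matter how fast the firewall polls.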
For government, these changes may seem like radical departures, but keep in mind that you can start with incremental change toward a long-term goal. Don't be overwhelmed. Perhaps start with one aspect of your network with:
For your OT environments, if your country doesn't have regulatory guidelines, use NERC CIP v5 as your baseline, and consider the Purdue model for segmenting your control networks.
I used a military analogy to which many can relate, regardless of whether you were ever part of an airborne mission or are a gamer. Looking out of that cockpit while traversing enemy territory, the timeliness (and accuracy) of the information you receive is critical. Just as in the physical domain, every second counts in the cyber domain. We don't have to repeat the mistakes of 2016. It is possible to appropriately secure our data and networks, however we extend them, from SaaS to public cloud to remote locations, to support our troops, our government operations and our citizen services. Let's use 2017 to reclaim control and use automation to our advantage: to reduce the risk to our governments and critical infrastructure and to ensure the resiliency of our digital way of life.
To learn more about our other activities at CDANS 2017 this year, please visit:
And if you haven’t had a chance, please read about all of the exciting enhancements we made in PAN-OS 8.0.
If you are in the U.S. government, come to Federal Ignite 2017 to learn more about what we’re doing for you and your peers to make fast threat prevention through automation a reality.